General

  • Target

    3b3d2699a679db2b32f56d27b3ec8e38_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240712-aaj5gsseqc

  • MD5

    3b3d2699a679db2b32f56d27b3ec8e38

  • SHA1

    dfdb6196a36b4e921006d17882e09d88d698b6d2

  • SHA256

    1a2ef4ec2183acab4212a862ac9a29fcee45ce79caeca9788bf8ed89d039d610

  • SHA512

    aba3f2e66425d2abc5005d577a5d13ab2b5c41c74d6a7c9c5c911b2d807d3b65b86d853a3325fe3410e0ef063f0cf359b946ab884d7904aabe549c519241d979

  • SSDEEP

    3072:8sOv8fESTARqUUCFt9/Ns8QDCaExTV1NTTLQETTaEykC3/hC3/:ZOvk/E1TQmB6

Malware Config

Extracted

  • Family

    bazarloader

  • C2

    34.221.125.90

    34.209.41.233

    dfegjlefggjo.bazar

    bcfijmcchijp.bazar

    aeghkkbeihkn.bazar

    cfhgjldfjgjo.bazar

    cehgkldejgko.bazar

    efehilffghio.bazar

Targets

    • Target

      3b3d2699a679db2b32f56d27b3ec8e38_JaffaCakes118

    • Size

      1.0MB

    • MD5

      3b3d2699a679db2b32f56d27b3ec8e38

    • SHA1

      dfdb6196a36b4e921006d17882e09d88d698b6d2

    • SHA256

      1a2ef4ec2183acab4212a862ac9a29fcee45ce79caeca9788bf8ed89d039d610

    • SHA512

      aba3f2e66425d2abc5005d577a5d13ab2b5c41c74d6a7c9c5c911b2d807d3b65b86d853a3325fe3410e0ef063f0cf359b946ab884d7904aabe549c519241d979

    • SSDEEP

      3072:8sOv8fESTARqUUCFt9/Ns8QDCaExTV1NTTLQETTaEykC3/hC3/:ZOvk/E1TQmB6

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks